Senior Information Security Engineer

Notice to recruiters:
Platte River Power Authority does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based placement services. No agency emails, calls, or solicitations to staff are accepted without a valid agreement. Any unsolicited resume submitted to staff will be considered property of Platte River Power Authority and with no obligation to pay any referral fees.
Job Summary
Serves as a technical leader responsible for serving as the subject matter expert and team lead in several areas of cyber risk remediations, vulnerability management and incident detection, and response processes. Responsible for tier two information security and support with major focus on process improvement and efficiency, creating and maintaining accurate information security documentation.
This posting will remain open for five days.
Work environment and schedule
This position works a typical workweek schedule (Monday through Thursday or Monday through Friday) in a general office environment and may be eligible for hybrid workdays. The successful candidate should reside within a commutable distance of Fort Collins. Performing this work requires occasional physical effort to lift and carry light objects and is primarily sedentary; minimal walking or standing is required on an as-needed basis.
Essential Duties And Responsibilities

• Models the mission, vision, values, and culture of the organization
• Designs, implements, and manages enterprise security architecture under the direction of the manager and director and with a focus on continuously improving security
• Oversees, guides, and leads others in the development, configuration, implementation and maintenance of information security products, policies, programs, standards, procedures, controls
• Oversees security to ensure it is meeting security critical controls and other relevant framework and guidelines
• Oversees information security systems and regularly review and update risk remediation programs to meet the goals of the Cyber Risk Remediation Program and ensures best practice adherence
• Responds to security alerts and classifies as incidents if necessary
• Monitors events for threat campaigns and keeps staff informed
• Gathers information for audits and questionnaire request
• Serves as a subject matter expert, technical resource, and leader in security integrity, research methods, practices for internal and external vulnerability assessments and penetration tests and leads in the identification of security enhancement opportunities and the implementation of solutions
• Serves as a subject matter expert regarding proactive and reactive security investigation methods and evaluates and improves effectiveness of incident response programs, including conducting tabletop exercises
• Oversees and directs SIEM program for multiple environments that include gathering information, log collection, correlation, review, archival and retention; monitors automated alerts and unauthorized account changes and continuously tunes the system to remove false positives and add new cases and detections
• Oversees and directs the vulnerability management program, manages the system for multiple environments; assesses vulnerability of applications, databases, servers, network devices, and staff computing devices; drives the remediation of identified vulnerabilities and exploits using a risk-based approach
• Monitors the communication channels for security vulnerabilities and security patches
• Oversees and directs cloud security programs which includes antivirus solutions, identity management programs, privileged access workstations, and password management
• Maintains and supports the vendor security management program; conducts vendor risk assessment review and security questionnaire review, evaluates and advises on selection process, and continuously monitors
• Works collaboratively with other internal teams to automate security controls, controls access to systems and ensures adherence to security best practices
• Provides input for the information security strategic program and the development and implementation of the disaster recovery and continuity plans
• Creates department and company side communications, regular cybersecurity education and awareness activities

Other Functions

• Maintains active memberships with various information sharing and analysis centers and other industry groups; notifies others when relevant alerts impact organization’s threat landscape, remains updated with cybersecurity trends and regularly attends cybersecurity training
• Provides information to assist management with development of budget
• Performs other duties as assigned

Knowledge, Skills, And Abilities

• Passion and ability to deliver reliable and secure information technology solutions combined with the highest levels of customer service
• Strong written and verbal communication skills
• Willingness to learn new technologies and obtain and maintain required technical certifications
• Ability to establish and maintain effective working relationships and a positive attitude
• Advanced understanding of networking and communications protocols, operating systems, security controls, and securing cloud systems
• Ability to manage multiple priorities simultaneously
• Ability to work after hours and on-call for both scheduled and unscheduled events

Candidate Qualifications
Required criteria

• Work experience: Eight years in information systems/enterprise computing environment, including three years of related information security responsibilities
• Certifications: ITIL, GCIH (or equivalent), and at least two other advanced cybersecurity certifications such as GPEN, CEH, GCDA, or CISSP
• Valid driver's license and ability to remain insurable per Platte River's fleet policy
• Education: Bachelor's degree in CIS, CS, Cybersecurity, or related field; or, equivalent combination of education and experience

Pay
This is an exempt role; salaries are paid bi-weekly and are annualized below for reference. Factors that may be used to determine actual salary include specific skills, years of experience, education, and certifications.

• Full range: $153,404 to $222,458
• Hiring range: $153,404 to $188,041